As the Electronic Communications Privacy Act Turns 25, It Gets a Birthday Spanking

A police officer removes a computer from the the Taiba mosque in Hamburg, Germany

Photo by Bodo Marks/AFP/Getty Images

In honor of its 25th anniversary this week, the Electronic Communications Privacy Act is getting smacking around by organizations from both sides of the political spectrum, including the ACLU, the Center for Democracy and Technology, and even Americans for Tax Reform. Also onboard: technology companies like Apple and Intel. United as the Digital Due Process coalition, these groups argue that the legislation is out of step with modern technology and in desperate need of an update. In its current form, the act gives too much power to the government to listen (or read) in on citizens’ communications.

Torie Bosch is the editor of Future Tense, a project of Slate, New America, and Arizona State that looks at the implications of new technologies.

On Ars Technica, Jim Dempsey, the vice president for public policy at the Center for Democracy and Technology, writes,

Advertisement

Although it was forward-looking at the time, ECPA’s privacy protections have remained stuck in the past while technology has raced ahead. … Citing ECPA, the government claims it can track your movements without having to get a warrant from a judge, using the signal your mobile phone silently sends out every few seconds. The government also claims it can read your e-mail and sneak a peek at your online calendar and the private photos you have stored in “the cloud," all without a warrant.

The government admits that if it wants to seize photos on your hard drive, it needs a warrant from a judge. And if it wants to intercept your e-mail en route, well, it needs a warrant for that, too. But once the data comes to rest on the Internet’s servers, the government claims you’ve lost your privacy rights in it. Same data, different rules.

Why? Because in the olden, pre-cloud days of ECPA’s inception, e-mail existed on the Internet’s servers only briefly before being downloaded to a computer. If an e-mail is six months or older and is stored on the cloud used by Internet servers, it’s considered abandoned and thus is not subject to a warrant—perhaps a fair assumption in the ‘80s, but not in this era of archiving everything in Gmail, as Wired’s David Kravets notes.

While differentiating between emails, photographs, and other files stored in the cloud and data stored on a hard drive may seem antiquated, that dichotomy is valuable to law enforcement, Tony Romm writes on Politico. Romm quotes a Department of Justice official who says that the legislation “properly strikes the balance of public safety and privacy the way it is.” But if Sen. Patrick Leahy, D-Vt., has his way, the DoJ won’t be happy with the legislation for long. Earlier this year, he introduced the ECPA Amendments Act to “renew the commitment to the privacy principles that gave birth to the ECPA a quarter century ago.” In marking the ECPA’s birthday this week, he renewed his commitment to modernizing the law, promising movement on the legislation by the end of the year.